Deciding the meaning of 'disabling' an account (and the value of procedures)

One of the things that the challenge of disabling an account has made clear to me is that it's far from
obvious just what disabling an account means to different people. I think
we can all agree that the user of a disabled account shouldn't be able
to use any of your authenticated services any more, but as alluded to
in my first entry, there are a number of
other things where it's not clear what should happen.

For example: should the disabled account still get email? Should their
files remain visible and accessible to other users? Should their
personal home page remain visible? Should they still be visible in your
user directory, and if so should they be marked in some way? If they're
the responsible person for local mailing lists, what happens to those?

(I'm separating this from the issue of completely disabling someone's
access to your services even in the face of passwordless ssh access
and the like.)

There's no set right answer to these questions. A lot depends on your
specific environment and what generally happens after you disable
an account. For example, if disabling an account is often reversed
(so you're actually suspending it temporarily), you'll likely want a
different set of answers than if disabling an account is almost always a
prelude to deleting it entirely. However, you do want to have answers
for these questions when you're disabling an account, in part because
different answers mean that you do different things on a technical
level.

(For example, if you want a user's email to still work you probably
can't rename their login, even though that's a great way of disabling
any crontabs and at jobs that they have sitting around.)

This brings up the value of either automating the process of disabling
accounts or documenting a procedure for it. Doing either of these is
going to cause you to confront these questions and come up with answers
for them (well, doing either of these thoroughly). Even if the answers
are 'it depends, we have to decide on a case by case basis', at least
you now have written down that you need to ask the questions, come up
with an answer, and take certain steps based on what the answer is.
What results is both awareness and consistency; you know that these
issues exist, you've thought about what the right thing to do is, and
you're probably going to do the same thing every time.

You can still get awareness of these issues without having a set
procedure for disabling accounts, but now you're at the mercy of
remembering them all on the fly. If you forget, your 'answers' to these
questions now only happen as side effects of whatever else you're doing
to disable the account, and they may or may not be what you actually
want to happen. And if you disable accounts in different ways at
different times, you can get different outcomes without intending it;
e.g. you thought that locking the password was equivalent to expiring the
account, but it turns out that they have different side effects.
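As an added illustration of that last point (my own sketch, not code from the original post), here is what a written procedure looks like once its answers become explicit checks: the policy names, the `account_state`/`audit` functions, the 'bob' account and the step list (including the nologin shell, which the post does not mention) are all assumed for the example, and the passwd/shadow lines are constructed so it runs offline.

```python
# Added example: encode a written "disable account" procedure as an explicit
# checklist and audit an account against it. All account data is constructed
# inline so this runs offline; a real version would read passwd(5), shadow(5),
# the user's crontab and ~/.ssh/authorized_keys.

# Answers the procedure records for two situations: a temporary suspension
# (keep the login name so mail still works) and a retirement that is a
# prelude to deletion (rename the login, which also kills cron/at jobs).
# The step names and the two policies are assumptions for illustration.
POLICIES = {
    "suspend": {"lock_password": True, "expire_account": True,
                "nologin_shell": True, "remove_ssh_keys": True,
                "remove_cron": False, "rename_login": False},
    "retire":  {"lock_password": True, "expire_account": True,
                "nologin_shell": True, "remove_ssh_keys": True,
                "remove_cron": True, "rename_login": True},
}

def account_state(passwd_line, shadow_line, original_login, has_cron, ssh_keys):
    """Derive which disabling steps are actually in effect for an account."""
    pw = passwd_line.split(":")
    sh = shadow_line.split(":")
    return {
        # A leading '!' or '*' in the hash field only locks the password...
        "lock_password": sh[1].startswith(("!", "*")),
        # ...whereas a non-empty expire field (days since epoch) expires the
        # account itself; the two are not equivalent.
        "expire_account": sh[7] != "",
        "nologin_shell": pw[6].rsplit("/", 1)[-1] in ("nologin", "false"),
        "remove_ssh_keys": ssh_keys == 0,
        "remove_cron": not has_cron,
        "rename_login": pw[0] != original_login,
    }

def audit(policy, state):
    """Return the steps the chosen procedure requires that are not in effect."""
    return sorted(step for step, required in POLICIES[policy].items()
                  if required and not state[step])

# Constructed sample account: the password was locked and nothing else done.
PASSWD = "bob:x:1001:1001:Bob Example:/home/bob:/bin/bash"
SHADOW = "bob:!$6$saltsalt$constructedhash:19000:0:99999:7:::"

if __name__ == "__main__":
    state = account_state(PASSWD, SHADOW, "bob", has_cron=True, ssh_keys=2)
    for policy in POLICIES:
        print(policy, "still missing:", audit(policy, state))
```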